Generating bridge match identifiers for linking identifiers from server logs

ABSTRACT

Systems and methods of matching identifiers between multiple datasets are described herein. A system can transmit a first identifier vector to a third party server. The first identifier vector can include a first identifier, first parameters, and second parameters. The system can receive, from the third party server, the first identifier vector encrypted based on a third-party encryption. The system can receive, from the third party server, a second identifier vector encrypted based on the third-party encryption associated with the third party server. The second identifier vector can include a second identifier, third parameters, and fourth parameters. The system can determine a correlation count between the first identifier vector and the second identifier vector. The system can determine that the first identifier corresponds to the second identifier based on the correlation count. The system can generate one identifier key for both the first identifier and the second identifier.

CROSS-REFERENCES TO RELATED APPLICATIONS

The present application claims the benefit of priority under 35 U.S.C. §120 as a continuation of U.S. patent application Ser. No. 16/216,768,filed Dec. 12, 2018 and titled “GENERATING BRIDGE MATCH IDENTIFIERS FORLINKING IDENTIFIERS FROM SERVER LOGS,” which claims the benefit ofpriority under 35 U.S.C. § 120 as a continuation of U.S. patentapplication Ser. No. 15/650,099, filed Jul. 14, 2017 and titled“GENERATING BRIDGE MATCH IDENTIFIERS FOR LINKING IDENTIFIERS FROM SERVERLOGS,” which claims the benefit of priority under 35 U.S.C. § 120 as acontinuation of U.S. patent application Ser. No. 14/808,634, filed Jul.24, 2015 and titled “GENERATING BRIDGE MATCH IDENTIFIERS FOR LINKINGIDENTIFIERS FROM SERVER LOGS.” The contents of the foregoingapplications are incorporated herein by reference in their entireties.

BACKGROUND

In a computer networked environment such as the Internet, entities suchas people or companies can provide information for public display ononline content through web servers. When a client device sends requestsfor online content to the entity's various web servers and receivesonline content from the entity's respective web server, the web servercan maintain a log of such computing device network activity andinteractions according to various formats.

SUMMARY

At least one aspect is directed to a method of matching identifiersbetween multiple datasets. The method can include transmitting a firstidentifier vector to a third party server. The first identifier vectorcan include a first identifier, a plurality of first parameters, and aplurality of second parameters. The method can include receiving thefirst identifier vector encrypted based on a third-party encryptionassociated with the third party server. The method can includereceiving, from the third party server, a second identifier vectorencrypted based on the third-party encryption associated with the thirdparty server. The second identifier vector can include a secondidentifier, a plurality of third parameters, and a plurality of fourthparameters. The method can include determining a correlation countbetween the first identifier vector and the second identifier vectorbased on a match between some of the plurality of first parameters andsome of the plurality of the third parameters and between some of theplurality of the second parameters and some of the plurality of fourthparameters. The method can include determining that the first identifiercorresponds to the second identifier based on the correlation countbetween the first identifier vector and the second identifier vectorbeing above a determined threshold. The method can include generating,responsive to determining that the first identifier corresponds to thesecond identifier, one identifier key for both the first identifier andthe second identifier

At least one aspect is directed to system for matching identifiersbetween multiple datasets. The system can include a data processingsystem, comprising a mapping module. The data processing system cantransmit a first identifier vector to a third party server. The firstidentifier vector can include a first identifier, a plurality of firstparameters, and a plurality of second parameters. The data processingsystem can receive from the third party server, the first identifiervector encrypted based on a third-party encryption associated with thethird party server. The data processing system can receive a secondidentifier vector, encrypted based on the third-party encryptionassociated with the third party server. The second identifier vector caninclude a second identifier, a plurality of third parameters, and aplurality of fourth parameters. The data processing system can determinea correlation count between the first identifier vector and the secondidentifier vector based on a match between some of the plurality offirst parameters and some of the plurality of the third parameters andbetween some of the plurality of the second parameters and some of theplurality of fourth parameters. The data processing system can determinethat the first identifier corresponds to the second identifier based onthe correlation count between the first identifier vector and the secondidentifier vector being above a determined threshold. The dataprocessing system can generate, responsive to determining that the firstidentifier corresponds to the second identifier, one identifier key forboth the first identifier and the second identifier.

These and other aspects and implementations are discussed in detailbelow. The foregoing information and the following detailed descriptioninclude illustrative examples of various aspects and implementations,and provide an overview or framework for understanding the nature andcharacter of the claimed aspects and implementations. The drawingsprovide illustration and a further understanding of the various aspectsand implementations, and are incorporated in and constitute a part ofthis specification.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are not intended to be drawn to scale. Likereference numbers and designations in the various drawings indicate likeelements. For purposes of clarity, not every component may be labeled inevery drawing. In the drawings:

FIG. 1 is a block diagram depicting one example computer networkedenvironment to match identifiers between different datasets, accordingto an illustrative implementation;

FIG. 2 is a block diagram depicting one example computer networkedenvironment to match identifiers between different datasets, accordingto an illustrative implementation;

FIG. 3 is a flow diagram depicting an example method of matchingidentifiers between different datasets, according to an illustrativeimplementation; and

FIG. 4 is a block diagram illustrating a general architecture for acomputer system that may be employed to implement elements of thesystems and methods described and illustrated herein, according to anillustrative implementation.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

Following below are more detailed descriptions of various conceptsrelated to, and implementations of, methods, apparatuses, and systems ofmatching identifiers between different datasets. Online and offlineinteractions by the same entity may be logged by various partiesdifferently. For example, each of the various parties can keep track ofthese interactions using different identifiers and encryptiontechniques.

The systems and methods described herein can map identifiers betweendifferent datasets stored by the various parties using differentidentifiers and encryption techniques. For example, a computing devicecan access an online document (e.g., a webpage) that includes contentitems (e.g., advertisements), and a user of the computing device canclick on or convert the content item to access a landing page indicatedby or associated with the content item. A content publisher computingdevice can identify this interaction using the publisher's ownidentifier and encryption techniques. A content item provider computingdevice can also identify transactions using the content item provider'sown identifier and encryption techniques. As such, the webpage or othercontent publisher may not have information indicating how the contentitem provider identifies a computing device, and vice versa. Moreover,the content publisher entity (e.g., website owner) and the content itemprovider entity (e.g., advertiser) may not wish to transmit proprietaryor confidential information without taking precautions.

Using for example blind encryption techniques, the systems and methodsdescribed herein can allow various parties to determine the correlationbetween their respective identifiers encrypted using differentencryption techniques. A first party server and a third party server(e.g., a computing system with one or more processors) can encryptreceived identifier vectors that contain log data of the computingdevice interactions, and exchange the encrypted identifier vectors. Acomputing device interaction can include, for example, requests foronline content from the server, visits to a websites, and computingdevice identifier authentication, or any other activity between thecomputing device and the server. Using the exchanged and encryptedidentifier vectors, the first party server or the third party server candetermine which of the other identifiers correspond to theiridentifiers, and generate an identifier key for each of the respectiveidentifiers.

For example, the first party server can transmit an identifier vector toa third party server. The first party identifier vector can include anencryption of a first party identifier, a set of first parameters, and aset of second parameters. The first party identifier vector can alsoinclude an encryption of the first party identifier and a set of keysbased on a combination of the respective first parameter and therespective second parameter. The first party identifier can include adevice identifier associated with a particular client device and anaccount identifier associated with the a profile, address, or account,for example. The key based on the combination of the respective firstparameter and the respective second parameter can be generated by a hashfunction. Each of the first parameters and second parameters can be apart of a log row entry specifying, for example, the location and timeof the corresponding logged computing device interaction.

Having transmitted the first party identifier vector from the firstparty server, the first party server can receive the first partyidentifier vector encrypted by the encryption algorithm of the thirdparty server back from the third party server. In addition, the firstparty server can receive another identifier vector from the third partyserver based on the log data of the third party server. The third partyidentifier vector can include an encryption of a third party identifier,a set of third parameters, and a set of fourth parameters. The thirdparty identifier vector can also include an encryption of third partyidentifier and a set of key based on a combination of the respectivethird parameter and the respective fourth parameter. The identifier usedby the third party may be different from the identifier used by thefirst party server. The encryption applied by the third party server maybe different from the encryption applied by the first party server. Thethird parameter can correspond to the same type of log information asthe first parameter. The fourth parameter can correspond to the sametype of log information as the third parameter. Each of the thirdparameters and fourth parameters can include also a log row entryspecifying, for example, the location and time of the correspondinglogged computing device interaction.

After receiving the identifier vector based on the third party serverlog data, the first party server can apply its own encryption algorithmto the received identifier vector. Now having both sets of identifiervectors, the first party server can determine a correlation or mappingof the identifiers based on the matches between the first parameters andthe third parameters and between the second parameters and the fourthparameters. For example, the first parameter and third parameter includelocation information about a user interaction and the second parameterand the fourth parameter include time information about the userinteraction. In this example, The first party server can determine thatthere is a match between the respective parameters, when they are withina defined threshold distance and time frame. The first party server candetermine that the identifiers correspond to each other, when the numberof such matches are above a defined threshold. Using thiscorrespondence, the first party server can generate a bridge or matchidentifier key. The bridge or match identifier key can then be used in anumber of applications. For example, a content provider computing deviceor a content publisher computing device can use the key to determine aconversion rate among various online and offline interactions.

FIG. 1 is a block diagram depicting one example computer networkedenvironment 100 to match identifiers between different datasets,according to an illustrative implementation. The network 105 can includecomputer networks such as the internet, local, wide, metro or other areanetworks, intranets, satellite networks, other computer networks such asvoice or data mobile phone communication networks, and combinationsthereof. The system 100 can also include at least one data processingsystem 110, e.g., at least one logic device such as a computing deviceor server having a processor to communicate via the network 105, forexample with at least one content provider computing device 115, atleast one content publisher computing device 120, at least one clientdevice 125, or at least one third party server 130.

The network 105 may be any type or form of network and may include anyof the following: a point-to-point network, a broadcast network, a widearea network, a local area network, a telecommunications network, a datacommunication network, a computer network, an ATM (Asynchronous TransferMode) network, a SONET (Synchronous Optical Network) network, a SDH(Synchronous Digital Hierarchy) network, a wireless network and awireline network. The network 105 may include a wireless link, such asan infrared channel or satellite band. The topology of the network 105may include a bus, star, or ring network topology. The network mayinclude mobile telephone networks using any protocol or protocols usedto communicate among mobile devices, including advanced mobile phoneprotocol (“AMPS”), time division multiple access (“TDMA”), code-divisionmultiple access (“CDMA”), global system for mobile communication(“GSM”), general packet radio services (“GPRS”) or universal mobiletelecommunications system (“UMTS”). Different types of data may betransmitted via different protocols, or the same types of data may betransmitted via different protocols.

The system 100 can include at least one data processing system 110 andat least one third party server 130. The data processing system 110 andthird party server 130 can each include at least one logic device suchas a computing device having a processor to communicate via the network105, for example with the client device 125, the web site operator orcontent publisher computing device 115, and at least one contentprovider computing device 125. The data processing system 110 and thirdparty server 130 can each include at least one server. For example, thedata processing system 110 or third party server 130 can each include aplurality of servers located in at least one data center. The dataprocessing system 110 and third party server 130 each can includemultiple, logically-grouped servers and facilitate distributed computingtechniques. The logical group of servers may be referred to as a serverfarm or a machine farm. The servers can also be geographicallydispersed. A machine farm may be administered as a single entity, or themachine farm can include a plurality of machine farms. The serverswithin each machine farm can be heterogeneous—one or more of the serversor machines can operate according to one or more type of operatingsystem platform. The third party server 130 can include many of the sameor similar functionalities and modules as the data processing system 110described herein, among others.

Servers in the machine farm can be stored in high-density rack systems,along with associated storage systems, and located in an enterprise datacenter. For example, consolidating the servers in this way may improvesystem manageability, data security, the physical security of thesystem, and system performance by locating servers and high performancestorage systems on localized high performance networks. Centralizing theservers and storage systems and coupling them with advanced systemmanagement tools allows more efficient use of server resources.

The data processing system 110 can include a mapping module 135, anencryption module 140, and at least one database 145. The mapping module135 or encryption module 140 can include at least one processing unit orother logic device such as a programmable logic array engine, or moduleconfigured to communicate with the database 145. The mapping module 135and encryption module 140 can be separate components, a singlecomponent, or a part of the data processing system 110. The system 100and its components, such as a data processing system, may includehardware elements, such as one or more processors, logic devices, orcircuits. One or more modules of, in communication with, or otherwiseassociated with the third party server 130 can include many of the samefunctionalities as the mapping module 135 or the encryption module 140.

The data processing system 110 and the third party server 130 each canobtain anonymous computer network activity information associated with aplurality of computing devices 110. A user of a client device 125 canaffirmatively authorize the data processing system 110 to obtain networkactivity information corresponding to the user's client device 125. Forexample, the data processing system 110 can prompt the user of theclient device 125 for affirmative consent to obtain one or more types ofnetwork activity information, such as geographic location information.The identity of the user of the client device 125 can remain anonymousand the client device 125 may be associated with a unique identifier(e.g., a unique identifier for the user or the computing device providedby the data processing system or a user of the computing device). Thedata processing system can associate each observation with acorresponding unique identifier.

For situations in which the systems discussed here collect personalinformation about users, or may make use of personal information, theusers may be provided with an opportunity to control whether programs orfeatures that may collect personal information (e.g., information abouta user's social network, social actions or activities, a user'spreferences, or a user's current location), or to control whether or howto receive content from the content server that may be more relevant tothe user. In addition, certain data may be treated in one or more waysbefore it is stored or used, so that certain information about the useris removed when generating parameters (e.g., demographic parameters).For example, a user's identity may be treated so that no identifyinginformation can be determined for the user, or a user's geographiclocation may be generalized where location information is obtained (suchas to a city, ZIP code, or state level), so that a particular locationof a user cannot be determined. Thus, the user may have control over howinformation is collected about the user and used by a content server.

The content provider computing devices 115 can include servers or othercomputing devices operated by a content provider entity to providecontent items such as advertisements for display on informationresources at the client device 125. The content provided by the contentprovider computing device 115 can include third party content items(e.g., ads) for display on information resources such as a website orweb page that includes primary content, e.g. content provided by thecontent publisher computing device 120. The content items can also bedisplayed on a search results web page. For example, the contentprovider computing device 115 can provide or be the source of ads orother content items for display in content slots of content web pagessuch as a web page of a company where the primary content of the webpage is provided by the company, or for display on a search resultslanding page provided by a search engine. The content items associatedwith the content provider computing device 115 can be displayed oninformation resources other than web pages, such as content displayed aspart of the execution of an application on a smartphone or other clientdevice 125.

The content publisher computing devices 120 can include servers or othercomputing devices operated by a content publishing entity to provideprimary content for display via the network 105. For example, thecontent publisher computing device 120 can include a web page operatorwho provides primary content for display on the web page. The primarycontent can include content other than that provided by the contentpublisher computing device 120, and the web page can include contentslots configured for the display of third party content items (e.g.,ads) from the content provider computing device 115. For example, thecontent publisher computing device 120 can operate the website of acompany and can provide content about that company for display on webpages of the website. The web pages can include content slots configuredfor the display of third party content items such as ads of the contentprovider computing device 115. In some implementations, the contentpublisher computing device 120 includes a search engine computing device(e.g. server) of a search engine operator that operates a search engineweb site. The primary content of search engine web pages (e.g., aresults or landing web page) can include results of a search as well asthird party content items displayed in content slots such as contentitems from the content provider computing device 115.

The client devices 125 can include computing devices configured tocommunicate via the network 105 to display data such as the contentprovided by the content publisher computing device 120 (e.g., primaryweb page content or other information resources) and the contentprovided by the content provider computing device 115 (e.g., third partycontent items such as ads configured for display in a content slot of aweb page). The client device 125, the content provider computing device115, and the content publisher computing device 120 can include desktopcomputers, laptop computers, tablet computers, smartphones, personaldigital assistants, mobile devices, client devices, consumer computingdevices, servers, clients, and other computing devices. The clientdevice 125, the content provider computing device 115, and the contentpublisher computing device 120 can include user interfaces such asmicrophones, speakers, touchscreens, keyboards, pointing devices, acomputer mouse, touchpad, or other input or output interfaces.

The data processing system 110 can transmit a first identifier vector toa third party server 130. The first identifier vector can include afirst identifier, a plurality of first parameters, and a plurality ofsecond parameters. The first identifier, the plurality of firstparameters, and the plurality of second parameters can be stored in andobtained from the one or more databases 145. The first identifier vectorcan be, for example, of the form of an indexed tuple, one or multipledimensional array, container, linked list, tree, or any data structuresuitable to store or otherwise index logged user interactions, such asthe first identifier, plurality of first parameters, and plurality ofsecond parameters. The first identifier can include, for example, anaccount identifier, device identifier, phone number, or a combinationthereof, or any other identifier to identify a particular user or clientdevice 125. The first identifier can be, for example, of the form of analphanumerical string, a randomly or pseudo-randomly generated number,or a character string, among others. The plurality of first parametersand plurality of second parameters each can catalog or otherwise indexlog data of interactions by the one or more client devices 125 with thedata processing system 110, the content provider computing device 115,or the content publisher computing device 120, via the network 105. Thelog data of interactions by the one or more client devices 125 can bestored in and obtained from the one or more databases 145. The pluralityof first parameters can include location identifiers of the associatedrecorded interaction. The plurality of second parameters can includetime stamps of the associated recorded interaction. The plurality offirst parameters and the plurality of second parameters can includeother parameters or data used to catalog or record log data ofinteractions by the one or more client devices 125. Representedmathematically, the first identifier vector can be, for example, of theform:X

[ID _(X),{(p ₁ ,q ₁),(p ₂ ,q ₂), . . . (p _(N) ,q _(N))}]where X is the first identifier vector, ID_(X) is the first identifier,p_(n) is the first parameter for the n-th recorded interaction, andq_(n) is the second parameter for the n-th recorded interaction. Forexample, the first parameters can be location identifier of recordedinteractions and second parameters can be time stamps of recordedinteractions. Furthermore, the client device 125 with the deviceidentifier “x345q$” can have transmitted a request for a webpage on Jul.14, 2015 at time 15:34:11 from San Jose, Calif. and then another requestfor another webpage on Jul. 15, 2015 at time 9:12:34 from Folsom,Calif., both requests recorded by the data processing system 110 at theone or more databases 145. In this example, ID_(A) would be “x345q$”, p₁would be “San Jose, Calif.,” q₁ would be “Jul. 14, 2015 15:34:11,” p₂would be “Folsom, Calif.,” and q₂ would be “Jul. 15, 2015 9:12:34.”

The encryption module 140 can categorize the plurality of firstparameters and the plurality of second parameters into a plurality offirst categories based on the respective value of the plurality of firstparameters or the respective value of the plurality of secondparameters. The encryption module 140 can categorize the plurality offirst parameters and the plurality of second parameters into a pluralityof first categories based on a first quantization of the plurality offirst parameters. The encryption module 140 can categorize the pluralityof first parameters and the plurality of second parameters into aplurality of second categories based on a second quantization of theplurality of second parameters. The first quantization can define orotherwise specify which of the plurality of first parameters arecategorized into the respective first category. The second quantizationcan define or otherwise specify which of the plurality of secondparameters are categorized into the respective second category. Thefirst quantization and the second quantization can be used to assign,categorize, or classify a first parameter and the second parameterrespectively to a more genericized category. The encryption module 140can generate a plurality of first category values and a plurality ofsecond category values. Each of the plurality of first categories andeach of the plurality of second categories can be associated with acategory value or index, such as, for example, a randomly generatedalphanumeric value. From the previous example, if the first quantizationis by city and the second quantization is by date, the encryption module140 can categorize the request for the webpage on Jul. 14, 2015 at time15:34:11 from San Jose, Calif. in a category different from the requestfor the other webpage on Jul. 15, 2015 at time 9:12:34 from Folsom,Calif. based on the quantizations for the respective category. Inaddition, each of these categories can then be assigned a differentrandom alphanumeric value. Represented mathematically, the firstidentifier vector can be, for example, of the form:X

[ID _(X),{

(p ₁ ,q ₁),(p ₂ ,q ₂), . . .

_(i), . . .

(p _(N) ,q _(N))

_(I)}]where X is the first identifier vector, ID_(X) is the first identifier,p_(n) is the first parameter for the n-th recorded interaction, q_(n) isthe second parameter for the n-th recorded interaction, and

. . .

_(i) denotes the i-th respective category value into which the firstparameter p_(n) and the second parameter q_(n) were categorized based onthe first parameter value or the second parameter value, or acombination thereof. The data processing system 110 can transmit a firstidentifier vector that includes a first identifier and a plurality offirst category values or the plurality of second category values to thethird party server 130. The data processing system 110 can transmit afirst identifier vector that includes a first identifier and a pluralityof first categories or the plurality of second categories to the thirdparty server 130.

The encryption module 140 can generate a plurality of first combinationsof the plurality of first parameters and the plurality of secondparameters. Each of the plurality of first combinations can begenerated, for example, based on a hash function or cipher function ofeach of the plurality of first parameters and each of the plurality ofsecond parameters. Represented mathematically, using a hash function ofa location identifier as the first parameter and a time stamp as thesecond parameter, the first identifier vector can be, for example, ofthe form:X

[ID _(X) ,{

h(l ₁ ,t ₁),h(l ₂ ,t ₂), . . .

_(i) , . . .

h(l _(N) ,t _(N))

_(I)}]where X is the first identifier vector, ID_(X) is the first identifier,l_(n) is the location identifier for the n-th recorded interaction,t_(n) is the time stamp for the n-th recorded interaction,

. . .

_(i) denotes the i-th respective category value into which the locationidentifier l_(n) and the time stamp t_(n) were categorized based on thelocation identifier or the time stamp, and h(⋅) is the hash function.The data processing system 110 can transmit the first identifier vectorincluding the first identifier and the plurality of first combinationsto the third party server 130.

The encryption module 140 can encrypt the first identifier, theplurality of first parameters, and the plurality of second parametersbased on a first party encryption. The encryption module 140 can encryptthe first identifier, the plurality of first parameters and theplurality of first combinations. Examples of the first party encryptioncan include asymmetric encryption algorithms, cryptographic hashfunctions, fingerprints, or any other encryption algorithm that may becommutative. For example, the encryption module 140 can use an RSAcryptosystem technique, in which the encryption key may be known toevery computing device and may be different from the decryption keywhich may be kept secret. In this example, the asymmetry may be based onthe difficulty of factoring the product of two large prime numbers.Represented mathematically, using a hash function of a locationidentifier as the first parameter and a time stamp as the secondparameter, the first identifier vector encrypted based on the firstparty encryption can be, for example, of the form:X

AX=A[ID _(X) ,{

h(p ₁ ,q ₁),h(p ₂ ,q ₂) . . .

_(i) , . . .

h(p _(N) ,q _(N))

_(I)}]where X is the encrypted first identifier vector, X is the firstidentifier vector, A is the first party encryption matrix, ID_(X) is thefirst identifier, l_(n) is the location identifier for the n-th recordedinteraction, t_(n) is the time stamp for the n-th recorded interaction,

. . .

_(i) denotes the i-th respective category value into which the locationidentifier l_(n) and the time stamp t_(n) were categorized, and h(⋅) isthe hash function. In this example, using the first party encryptionmatrix A, the encryption module 140 can apply a different encryptionalgorithm for each or some of the first identifier and the respectivecategory value of the plurality of first categories and the respectivecategory value of the plurality of second categories. The dataprocessing system 110 can transmit the first identifier vector encryptedbased on the first party encryption to the third party server 130,subsequent or responsive to encrypting the first identifier, theplurality of first parameters, and the plurality of second parametersbased on the first party encryption.

The encryption module 140 can generate dummy data for the plurality offirst parameters and the plurality of second parameters. Some of theplurality of the first parameters and some of the plurality of thesecond parameters each can include dummy data. Dummy data can includerandomly generated first parameters and second parameters forinteractions. Dummy data can be, for example, indicative of interactionsthat the one or more client devices 125 actually may not have performed.The encryption module 140 can insert the dummy data into the pluralityof first parameters and the plurality of second parameters. The dataprocessing system 110 can transmit the first identifier vector,including the dummy data, to the third party server 130.

The data processing system 110 can receive, from the third party server130, the first identifier vector encrypted based on a third partyencryption associated with the third party server 130. Receipt of thefirst identifier vector by the third party server 130 can cause orotherwise trigger the third party server 130 or one or more entities ordevices associated with the third party server 130 to encrypt thereceived first identifier vector based on the third party encryption.Subsequent to or simultaneous with transmitting the first identifiervector to the third party server 130, the data processing system 110 canalso transmit to the third party server 130 a request to encrypt thefirst identifier vector. The request to encrypt the first identifiervector can also cause or otherwise trigger the third party server 130 orone or more entities associated with the third party server 130 toencrypt the first identifier vector based on the third party encryption.Examples of the third party encryption can include asymmetric encryptionalgorithms, cryptographic hash functions, fingerprints, or any otherencryption algorithm that may be commutative. Representedmathematically, using a hash function of a location identifier as thefirst parameter and a time stamp as the second parameter, the firstidentifier vector further encrypted based on the third party encryptioncan be, for example, of the form:X

B X =BAX=BA[ID _(X) ,{

h(l ₁ ,t ₁),h(l ₂ ,t ₂)

_(i) , . . .

h(l _(N) ,t _(N))

_(I)}]where X is the first identifier vector doubly encrypted by the firstparty encryption and the third party encryption, X is the firstidentifier vector encrypted by the first party encryption, X is thefirst identifier vector, B is the third party encryption matrix, A isthe first party encryption matrix, ID_(X) is the first identifier, l_(n)is the location identifier for the n-th recorded interaction, t_(n) isthe time stamp for the n-th recorded interaction,

. . .

_(i) denotes the i-th respective category value into which the locationidentifier l_(n) and the time stamp t_(n) were categorized based on thelocation identifier or the time stamp, and h(⋅) is the hash function.

The data processing system 110 can receive from the third party server130 a second identifier vector encrypted based on the third-partyencryption associated with the third party server 130. The secondidentifier vector can include a second identifier, a plurality of thirdparameters, and a plurality of fourth parameters. The second identifier,the plurality of third parameters, and the plurality of fourthparameters can be stored in and obtained from the one or more databasesat or associated with the third party server 130. The plurality of thirdparameters and the plurality of first parameters can be of a first typeof parameter. The plurality of fourth parameters and the plurality ofsecond parameters can be of a second type of parameter. For example, ifthe plurality of first parameters and the plurality of second parameterswere location identifiers and time stamps respectively each identifyinga location and time of the interaction recorded by the one or moredatabases 145, the plurality of third parameters and the plurality offourth parameters can also be location identifiers and time stampsrespectively of the interactions recorded by the third party server 130.The second identifier vector can be, for example, of the form of anindexed tuple, one or multiple dimensional array, container, linkedlist, tree, or any data structure suitable to store or otherwise indexlogged user interactions, such as the second identifier, plurality ofthird parameters, and plurality of fourth parameters. The secondidentifier can include, for example, an account identifier, deviceidentifier, phone number, or a combination thereof, or any otheridentifier to identify a particular user or client device 125. Theplurality of third parameters and plurality of fourth parameters eachcan catalog or otherwise index log data of interactions by the one ormore client devices 125 with the third party server 130, the contentprovider computing device 115, or the content publisher computing device120 via the network 105. The log data of interactions by the one or moreclient devices 125 can be stored in and obtained from the one or moredatabases at or associated with the third party server 130. Theplurality of third parameters can include location identifiers of theassociated recorded interaction. The plurality of fourth parameters caninclude time stamps of the associated interaction. The plurality ofthird parameters and the plurality of fourth parameters can includeother parameters or data used to catalog or record log data ofinteractions by the one or more client devices 125.

The data processing system 110 can transmit a request for the secondidentifier vector to the third party server 130. Receipt of the requestfor the second identifier vector to the third party server 130 can causeor otherwise trigger the third party server 130 to encrypt the secondidentifier vector and transmit the encrypted second identifier vector tothe data processing system 110. Receipt of the first identifier vectorby the third party server 130 can also cause or otherwise trigger thethird party server 130 to encrypt the second identifier vector andtransmit the encrypted second identifier vector to the data processingsystem 110. The data processing system 110 can also receive from thethird party server 130 the second identifier vector encrypted based onthe third party encryption associated with the third party server 130,prior to transmitting the request for the second identifier vector orthe first identifier vector to the third party server 130. Examples ofthe third party encryption can include asymmetric encryption algorithms,cryptographic hash functions, fingerprints, or any other encryptionalgorithm that may be commutative. Represented mathematically, thesecond identifier vector encrypted based on the third party encryptioncan be, for example, of the form:Y

BY=B[ID _(Y),{(r ₁ ,s ₁),(r ₂ ,s ₂), . . . (r _(M) ,s _(M))}]where Y is the encrypted second identifier vector, Y is the secondidentifier vector, B is the third party encryption matrix, ID_(Y) is thesecond identifier, r_(m) is the third parameter for the m-th recordedinteraction, and s_(m) is the fourth parameter for the m-th recordedinteraction. Using the third party encryption matrix B, differentencryption algorithms may be applied to each or some of the secondidentifier, the plurality of third parameters, and the plurality offourth parameters are encrypted. For example, the third parameters canbe location identifier of recorded interactions and fourth parameterscan be time stamps of recorded interactions. Furthermore, the one ormore client devices 125 associated with the account identifier“cr3a1q@example_mail.com” could have made a purchase from a physicalstore at Jul. 15, 2015 at time 8:50:02 located in San Jose, Calif. andthen another purchase order on the user's client device 125 from awebpage at Jul. 15, 2015 at 9:19:59 from Folsom, Calif., both purchaseorders recorded at one or more databases at the third party server 130.In this example, the ID_(Y) would be “cr3a1q@example_mail.com,” r₁ wouldbe “San Jose, Calif.,” s₁ would be “Jul. 15, 2015 8:50:02,” r₂ would be“Folsom, Calif.,” and s₂ “Jul. 15, 2015 9:19:59.”

The data processing system 110 can receive from the third party server130 the second identifier vector that includes the second identifier anda plurality of third category values or a plurality of fourth categoryvalues. The plurality of third category values or the plurality offourth category values can be based on a plurality of third categoriesand the plurality of fourth categories. The plurality of thirdparameters and the plurality of fourth parameters can be assigned,categorized, or otherwise classified into the plurality of thirdcategories based on the respective value of the plurality of thirdparameters or the respective value of the plurality of fourthparameters, or a combination thereof. The plurality of third parametersand the plurality of fourth parameters can be assigned, categorized, orotherwise classified into a plurality of third categories based on athird quantization of plurality of third parameters. The plurality ofthird parameters and the plurality of fourth parameters can be assigned,categorized, or otherwise classified into a plurality of fourthcategories based on a fourth quantization of plurality of fourthparameters. The third quantization can define or otherwise specify whichof the plurality of third parameters are categorized into the respectivethird category. The fourth quantization can define or otherwise specifywhich of the plurality of fourth parameters are categorized into therespective fourth category. Each of the plurality of third categoriesand each of the plurality of fourth categories can be associated with acategory value or index, such as, for example, a randomly generatedalphanumeric value. Using the previous example, if the fourthquantization specified that all purchase orders made on July 15 before12:00:00 were to be categorized into a single category, the purchaseorder made on Jul. 15, 2015 at 8:50:02 and the purchase order made onJul. 15, 2015 at 9:19:59 can be categorized into the same category andbe associated with the same category index. Represented mathematically,a location identifier as the third parameter and a time stamp as thefourth parameter, the second identifier vector can be, for example, ofthe form:Y

BY=B[ID _(Y),{

(r ₁ ,s ₁),(r ₂ ,s ₂)

_(j), . . . ,

(r _(M) ,s _(M))

_(J)}]where Y is the encrypted second identifier vector, Y is the secondidentifier vector, B is the third party encryption matrix, ID_(Y) is thesecond identifier, r_(m) is the third parameter for the m-th recordedinteraction, and s_(m) is the fourth parameter for the m-th recordedinteraction, and

. . .

_(j) denotes the j-th respective category value into which the thirdparameter r_(m) and the fourth parameter s_(m) were categorized based onthe value of the third parameter or the fourth parameter or acombination thereof.

The data processing system 110 can receive from the third party server130 the second identifier vector that includes the second identifier anda plurality of second combinations of the plurality of third parametersand the plurality fourth parameters. Each of the plurality of secondcombinations can be generated, for example, based on a hash function orcipher function of each of the plurality of first parameters and each ofthe plurality of second parameters. Represented mathematically, using ahash function of a location identifier as the third parameter and a timestamp as the fourth parameter, the second identifier vector can be, forexample, of the form:Y

BY=B[ID _(Y),{

χ(λ₁,τ₁),χ(λ₂,τ₂)

_(j), . . .

χ(λ_(N),τ_(N))

_(J)}]where Y is the encrypted second identifier vector, Y is the secondidentifier vector, ID_(Y) is the second identifier, B is the third partyencryption matrix, λ_(m) is the location identifier for the m-threcorded interaction, τ_(m) is the time stamp for the m-th recordedinteraction,

. . .

_(j) denotes the j-th respective category value into which the thirdparameter λ_(m) and the time stamp τ_(m) were categorized based oneither the location identifier or the time stamp or a combinationthereof, and χ(⋅) is the hash function. The hash function applied by thethird party server 130, χ(⋅), can be same or different from the hashfunction applied by the encryption module 140, h(⋅). The data processingsystem 110 can receive the second identifier vector including the secondidentifier and the plurality of second combinations from the third partyserver 130.

The encryption module 140 can encrypt the second identifier vector basedon the first party encryption, responsive to receiving the secondidentifier vector from the third party server 130. The encryption module140 can encrypt the second identifier, the plurality of thirdparameters, and the plurality of fourth parameters based on the firstparty encryption. The encryption module 140 can encrypt the secondidentifier, the plurality of third parameters, and the plurality offourth parameters based on the same encryption technique that theencryption module 140 used to encrypt the first identifier, theplurality of first parameters, and the plurality of second parameters.Represented mathematically, using a hash function of a locationidentifier as the third parameter and a time stamp as the fourthparameter, the second identifier vector further encrypted based on thefirst party encryption can be, for example, of the form:Y

A Y =ABY=AB[ID _(Y),{

χ(λ₁,τ₁),χ(λ₂,τ₂)

_(j), . . .

χ(λ_(N),τ_(N))

_(J)}]where Y is the second identifier vector doubly encrypted by the firstparty encryption and the third party encryption, Y is the secondidentifier vector encrypted by the first party encryption, Y is thesecond identifier vector, B is the third party encryption matrix, A isthe first party encryption matrix, ID_(Y) is the second identifier,λ_(m) is the location identifier for the m-th recorded interaction,τ_(m) is the time stamp for the m-th recorded interaction,

. . .

_(j) denotes the j-th respective category value into which the thirdparameter λ_(m) and the time stamp τ_(m) were categorized based oneither the location identifier or the time stamp or a combinationthereof, and χ(⋅) is the hash function.

The mapping module 135 can determine a correlation count between thefirst identifier vector and the second identifier vector based on amatch between some of the plurality of first parameters and some of theplurality of third parameters and between some of the plurality ofsecond parameters and some of the plurality of fourth parameters. Themapping module 135 can determine the correlation count for a respectivecategory of the plurality of categories based on a match between theplurality of first categories and the plurality of second categoriesversus the plurality of third categories and the plurality of fourthcategories. A match can be indicative of an identity, similarity,correlation, or otherwise correspondence between some of the pluralityof first parameters and some of the plurality of the third parametersand between some of the plurality of the second parameters and some ofthe plurality of fourth parameters. For example, the first identifiervector can include a location parameter as a first parameter and a timestamp as a second parameter classified into a category for websiterequests occurring from San Jose, Calif. at Jul. 15, 2015 between14:00:00 to 16:00:00. Furthermore, the second identifier vector caninclude a location parameter as a third parameter and a time stamp as afourth parameter classified into a category for purchase ordersoccurring from San Jose, Calif. at Jul. 15, 2015 between 14:00:00 to16:00:00. In this example, both the first identifier vector and thesecond identifier vector can have been doubly encrypted based on thesame first party encryption and the same third party encryption. Themapping module 135 can determine that there is a match between theencrypted first parameter and the encrypted third parameter and betweenthe encrypted second parameter and encrypted fourth parameter based onidentical match of the ciphers from the categories. Responsive todetermining that there is a match between the between the plurality ofencrypted first parameters and the plurality of encrypted thirdparameters and between the plurality of encrypted second parameters andthe plurality of encrypted fourth parameters, the mapping module 135 canincrement the correlation count.

The mapping module 135 can determine the correlation count based on thesome of the plurality of first parameters being within a first margin ofthe plurality of third parameters and some of the plurality of secondparameters being within a second margin of the plurality of fourthparameters. The mapping module 135 can determine the correlation countbased on the some of the plurality of first category values being withina category margin of the plurality of third category values and some ofthe plurality of second category values being within a second margin ofthe plurality of fourth parameters. The mapping module 135 can determinethe correlation count based on some of the plurality of the firstparameters being within a threshold distance of some of the plurality ofthe third parameters and some of the plurality of the second parametersbeing with a time window. For example, the first identifier vector caninclude a location parameter as a first parameter and a time stamp as asecond parameter classified into a category for website requestsoccurring from zip code 95630 at Jul. 15, 2015 between 14:00:00 to16:00:00. Furthermore, the second identifier vector can include alocation parameter as a third parameter and a time stamp as a fourthparameter classified into a category for purchase orders occurring fromzip code 95763 at Jul. 15, 2015 between 16:00:00 to 18:00:00. Therespective category indices of the first identifier vector and thesecond identifier vector can have been doubly encrypted by the firstparty encryption and the third party encryption. In this example, thethreshold distance can be specified as adjacent zip codes and the timestamp can be specified as contiguous time frames. The mapping module 130can access a list of zip codes from the one or more databases 145 anddetermine that zip code 95630 and zip code 95763 are adjacent to eachother. The mapping module 130 can determine the time frames 14:00:00 to16:00:00 is contiguous with 16:00;00 to 18:00:00. Responsive to thesedeterminations, the mapping module 135 can determine that there is amatch between the first parameter and the third parameter and the secondparameter and the fourth parameter, and increment the correlation countfor the respective category.

The mapping module 135 can determine that the first identifiercorresponds to the second identifier based on the correlation countbetween the first identifier vector and the second identifier vectorbeing above a determined threshold. The determine threshold can be basedon integer, fraction, or percentage, among others. The determinethreshold can also be constant, varying, or randomly generated, amongothers. The mapping module 135 can determine the determined thresholdbased on the length of the plurality of first parameters, the pluralityof second parameters, the plurality of third parameters, and theplurality of fourth parameters. For example, the lengths of theplurality of first parameters and plurality of second parameters eachcan be 15,000. Furthermore, the lengths of the plurality of thirdparameters and the plurality of fourth parameters each can be 3,000. Inthis example, the mapping module 135 can calculate the ratio between thelengths of the plurality of first parameters and plurality of secondparameters versus the plurality of third parameters and plurality offourth parameters. The mapping module 135 can then determine thedetermined threshold for the correlation count based on a fractionalmultiplicative factor of the ratio between the lengths. In this example,the mapping module 135 can then determine that the first identifier(e.g., “x345q$”) corresponds to the second identifier (e.g.,“cr3a1q@example_mail.com”) based on the correlation count being abovethe determined threshold.

The mapping module 135 can generate one identifier key for both thefirst identifier and the second identifier, responsive to determiningthat the first identifier corresponds to the second identifier. The oneidentifier key can be, for example, of the form of an alphanumericalstring, a randomly generated number, or a character string, amongothers. The one identifier key can include the first identifier storedon the one or more databases 145 of the data processing system 110. Forexample, if the first identifier were an account identifier such as anemail address, the mapping module 135 can set the email address as theone identifier key.

The mapping module 135 can determine that a predefined time has passedsince generating the one identifier key. The mapping module 135 candelete the first identifier vector and the second identifier vector,responsive to determining that the predefined that has passed. Themapping module 135 can delete the first identifier vector and the secondidentifier vector, responsive to generating the one identifier key. Themapping module 135 can store the first identifier vector and the secondidentifier vector in the one or more databases 145 for generating theone identifier key for the first identifier and the second identifier,responsive to determining that the correlation count is within atolerance range below the determined threshold.

FIG. 2 is a block diagram depicting one example computer networkedenvironment 200 to match identifiers between different datasets,according to an illustrative implementation. Environment 200 can includea subset of the system 100, focusing on the transmission and receivingdata flow 205, 210, and 215 between the data processing system 110 andthe third party server 130. In this example, the data processing system110 can transmit, to the third party server 130, the encrypted firstidentifier vector, AX, where A is the first party encryption matrix andX is the first identifier vector (Identifier 205). The transmission ofthe encrypted first identifier vector, AX, can cause or trigger thethird party server 130 to further encrypt the first identifier vectorbased on the third party encryption. The data processing system 110 cansubsequently receive, from the third party server 130, the doublyencrypted first identifier vector, BAX, where B is the third partyencryption matrix (Identifier 210). Independently of or subsequent tothe transmission of the encrypted first identifier vector, the dataprocessing system 110 can receive, from the third party server 130, theencrypted second identifier vector, BY, where A is the second partyencryption matrix and Y is the first identifier vector (Identifier 215).Having received the singly encrypted second identifier vector from thethird party server 130, the data processing system 110 can furtherencrypt the already encrypted second identifier vector based on thefirst party encryption, ABY. The data processing system 110 candetermine whether the first identifier and second identify correspond toeach other based on a match between the parameters of the firstidentifier vector and parameters of the second identifier vector. Basedon the determination of correspondence, the data processing system cangenerate one identifier key for both the first identifier and the secondidentifier.

FIG. 3 is a flow diagram depicting an example method 300 of matchingidentifiers between different datasets, according to an illustrativeimplementation. The functionality described herein with respect tomethod 300 can be performed or otherwise executed by the data processingsystem 110 or the various modules of the data processing system 110shown in FIG. 1. The method 300 can be performed or executed at varioustime intervals, ranging from once every few seconds or minutes to onceevery predetermined number of days. The method 300 can be performed orexecuted upon the fulfillment of a conditional, e.g., a conditiondetermined or received by the data processing system 110 such asaccumulating a predetermined number of the plurality of first parametersand the plurality of second parameters. The method 300 can be performed,responsive to a request from the content provider computing device 115,content publisher computing device 120, one or more client devices 125,or third party server 130.

The method 300 can transmit a first identifier vector to a third partyserver (ACT 305). For example, the data processing system 110 cantransmit the first identifier vector to the third party server 120 viathe network 105. The data processing system 110 can transmit the firstidentifier vector, encrypted based on the first party encryption. Thefirst identifier vector can include a first identifier, a plurality offirst parameters, and a plurality of second parameters. Each of theplurality of first parameters and each of the plurality of secondparameters can include log data of the network activity or interactionswith the data processing system 110 by the one or more client device 125associated with the first identifier.

The method 300 can receive the first identifier vector encrypted by thethird party server (ACT 310). For example, the data processing system110 can receive the first identifier vector encrypted by the third partyserver 120 via the network 105. The encryption technique applied to thefirst identifier vector may be a third party encryption associated withthe third party server 120.

The method 300 can receive a second identifier vector encrypted by thethird party server (ACT 315). For example, the data processing system110 can receive the second identifier vector from the third party server120 via the network. The second identifier vector can include a secondidentifier, a plurality of third parameters, and a plurality of fourthparameters. Each of the plurality of third parameters and each of theplurality of fourth parameters can include log data of the networkactivity or interactions with the third party server 120 by the one ormore client device 125 associated with the second identifier. Theencryption technique applied to the second identifier vector may be athird party encryption associated with the third party server 120.

The method 300 can determine a correlation count between the firstidentifier vector and the second identifier vector (ACT 320). Forexample, the data processing system 110 can determine the correlationcount between the first identifier vector and the second identifiervector based on determining whether there is a match between some of theplurality of first parameters and some of the plurality of the thirdparameters and between some of the plurality of second parameters andsome of the plurality of fourth parameters. The data processing system110 can determine that there is a match between the respectiveparameters, for example, when one of the plurality of first parametersis within a first margin of one of the plurality of second parametersand when one of the plurality of third parameters is within a secondmargin of one of the plurality of fourth parameters.

The method 300 can determine that the first identifier corresponds withthe second identifier based on the correlation count (ACT 325). Forexample, the data processing system 110 can determine that the firstidentifier corresponds with the second identifier based on thecorrelation count being above a determined threshold. The dataprocessing system 110 can determine the threshold based on the lengthsof the plurality of first parameters, the plurality of secondparameters, the plurality of third parameters, and the plurality offourth parameters.

The method 300 can generate one identifier key for both the firstidentifier and the second identifier (ACT 330). For example, the dataprocessing system 110 can generate the one identifier key for both thefirst identifier and the second identifier, responsive to determiningthat the first identifier corresponds with the second identifier. Thedata processing system 110 can set the first identifier as the oneidentifier key.

FIG. 4 is a block diagram illustrating a general architecture for acomputer system 400 that may be employed to implement elements of thesystems and methods described and illustrated herein, according to anillustrative implementation. The computer system or computing device 400can include, be part of, or be used to implement the system 100, dataprocessing system 110, mapping module 135, encryption module 140, or thethird party server 130. The computing system 400 includes a bus 405 orother communication component for communicating information and aprocessor 410 or processing circuit coupled to the bus 405 forprocessing information. The computing system 400 can also include one ormore processors 410 or processing circuits coupled to the bus forprocessing information. The computing system 400 also includes mainmemory 415, such as a random access memory (RAM) or other dynamicstorage device, coupled to the bus 405 for storing information, andinstructions to be executed by the processor 410. Main memory 415 canalso be used for storing position information, temporary variables, orother intermediate information during execution of instructions by theprocessor 410. The computing system 400 may further include a read onlymemory (ROM) 420 or other static storage device coupled to the bus 405for storing static information and instructions for the processor 410. Astorage device 425, such as a solid state device, magnetic disk oroptical disk, is coupled to the bus 405 for persistently storinginformation and instructions.

The computing system 400 may be coupled via the bus 405 to a display435, such as a liquid crystal display, or active matrix display, fordisplaying information to a user. An input device 430, such as akeyboard including alphanumeric and other keys, may be coupled to thebus 405 for communicating information and command selections to theprocessor 410. The input device 430 can include a touch screen display435. The input device 430 can also include a cursor control, such as amouse, a trackball, or cursor direction keys, for communicatingdirection information and command selections to the processor 410 andfor controlling cursor movement on the display 435.

The processes, systems and methods described herein can be implementedby the computing system 400 in response to the processor 410 executingan arrangement of instructions contained in main memory 415 or read onlymemory ROM 420. Such instructions can be read into main memory 415 fromanother computer-readable medium, such as the storage device 425.Execution of the arrangement of instructions contained in main memory415 causes the computing system 400 to perform the illustrativeprocesses described herein. One or more processors in a multi-processingarrangement may also be employed to execute the instructions containedin main memory 415. In alternative implementations, hard-wired circuitrymay be used in place of or in combination with software instructions toeffect illustrative implementations. Thus, implementations are notlimited to any specific combination of hardware circuitry and software.

Although an example computing system has been described in FIG. 4,implementations of the subject matter and the functional operationsdescribed in this specification can be implemented in other types ofdigital electronic circuitry, or in computer software, firmware, orhardware, including the structures disclosed in this specification andtheir structural equivalents, or in combinations of one or more of them.

Implementations of the subject matter and the operations described inthis specification can be implemented in digital electronic circuitry,or in computer software, firmware, or hardware, including the structuresdisclosed in this specification and their structural equivalents, or incombinations of one or more of them. The subject matter described inthis specification can be implemented as one or more computer programs,e.g., one or more circuits of computer program instructions, encoded onone or more computer storage media for execution by, or to control theoperation of, data processing apparatus. Alternatively or in addition,the program instructions can be encoded on an artificially generatedpropagated signal, e.g., a machine-generated electrical, optical, orelectromagnetic signal that is generated to encode information fortransmission to suitable receiver apparatus for execution by a dataprocessing apparatus. A computer storage medium can be, or be includedin, a computer-readable storage device, a computer-readable storagesubstrate, a random or serial access memory array or device, or acombination of one or more of them. Moreover, while a computer storagemedium is not a propagated signal, a computer storage medium can be asource or destination of computer program instructions encoded in anartificially generated propagated signal. The computer storage mediumcan also be, or be included in, one or more separate components or media(e.g., multiple CDs, disks, or other storage devices).

The operations described in this specification can be performed by adata processing apparatus on data stored on one or morecomputer-readable storage devices or received from other sources.

The term “data processing apparatus” or “computing device” encompassesvarious apparatuses, devices, and machines for processing data,including by way of example a programmable processor, a computer, asystem on a chip, or multiple ones, or combinations of the foregoing.The apparatus can include special purpose logic circuitry, e.g., an FPGA(field programmable gate array) or an ASIC (application specificintegrated circuit). The apparatus can also include, in addition tohardware, code that creates an execution environment for the computerprogram in question, e.g., code that constitutes processor firmware, aprotocol stack, a database management system, an operating system, across-platform runtime environment, a virtual machine, or a combinationof one or more of them. The apparatus and execution environment canrealize various different computing model infrastructures, such as webservices, distributed computing and grid computing infrastructures.

A computer program (also known as a program, software, softwareapplication, script, or code) can be written in any form of programminglanguage, including compiled or interpreted languages, declarative orprocedural languages, and it can be deployed in any form, including as astandalone program or as a circuit, component, subroutine, object, orother unit suitable for use in a computing environment. A computerprogram may, but need not, correspond to a file in a file system. Aprogram can be stored in a portion of a file that holds other programsor data (e.g., one or more scripts stored in a markup languagedocument), in a single file dedicated to the program in question, or inmultiple coordinated files (e.g., files that store one or more circuits,sub programs, or portions of code). A computer program can be deployedto be executed on one computer or on multiple computers that are locatedat one site or distributed across multiple sites and interconnected by acommunication network.

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read only memory ora random access memory or both. The essential elements of a computer area processor for performing actions in accordance with instructions andone or more memory devices for storing instructions and data. Generally,a computer will also include, or be operatively coupled to receive datafrom or transfer data to, or both, one or more mass storage devices forstoring data, e.g., magnetic, magneto optical disks, or optical disks.However, a computer need not have such devices. Moreover, a computer canbe embedded in another device, e.g., a mobile telephone, a personaldigital assistant (PDA), a mobile audio or video player, a game console,a Global Positioning System (GPS) receiver, or a portable storage device(e.g., a universal serial bus (USB) flash drive), to name just a few.Devices suitable for storing computer program instructions and datainclude all forms of non-volatile memory, media and memory devices,including by way of example semiconductor memory devices, e.g., EPROM,EEPROM, and flash memory devices; magnetic disks, e.g., internal harddisks or removable disks; magneto optical disks; and CD ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in, special purpose logic circuitry.

To provide for interaction with a user, implementations of the subjectmatter described in this specification can be implemented on a computerhaving a display device, e.g., a CRT (cathode ray tube) or LCD (liquidcrystal display) monitor, for displaying information to the user and akeyboard and a pointing device, e.g., a mouse or a trackball, by whichthe user can provide input to the computer. Other kinds of devices canbe used to provide for interaction with a user as well; for example,feedback provided to the user can be any form of sensory feedback, e.g.,visual feedback, auditory feedback, or tactile feedback; and input fromthe user can be received in any form, including acoustic, speech, ortactile input.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinventions or of what may be claimed, but rather as descriptions offeatures specific to particular implementations of particularinventions. Certain features described in this specification in thecontext of separate implementations can also be implemented incombination in a single implementation. Conversely, various featuresdescribed in the context of a single implementation can also beimplemented in multiple implementations separately or in any suitablesubcombination. Moreover, although features may be described above asacting in certain combinations and even initially claimed as such, oneor more features from a claimed combination can in some cases be excisedfrom the combination, and the claimed combination may be directed to asubcombination or variation of a subcombination.

Particular implementations of the subject matter have been described.Other implementations are within the scope of the following claims.While operations are depicted in the drawings in a particular order,this should not be understood as requiring that such operations beperformed in the particular order shown or in sequential order, or thatall illustrated operations are required to be performed. Actionsdescribed herein can be performed in a different order. In addition, theprocesses depicted in the accompanying figures do not necessarilyrequire the particular order shown, or sequential order, to achievedesirable results. In certain implementations, multitasking and parallelprocessing may be advantageous.

The separation of various system components does not require separationin all implementations, and the described program components can beincluded in a single hardware or software product. For example, theselection module 130 or the selection factor determination module 135can be a single module, a logic device having one or more processingcircuits, or part of an online content item placement system.

Having now described some illustrative implementations, it is apparentthat the foregoing is illustrative and not limiting, having beenpresented by way of example. In particular, although many of theexamples presented herein involve specific combinations of method actsor system elements, those acts and those elements may be combined inother ways to accomplish the same objectives. Acts, elements andfeatures discussed in connection with one implementation are notintended to be excluded from a similar role in other implementations orimplementations.

The phraseology and terminology used herein is for the purpose ofdescription and should not be regarded as limiting. The use of“including,” “comprising,” “having,” “containing,” “involving,”“characterized by,” “characterized in that,” and variations thereofherein, is meant to encompass the items listed thereafter, equivalentsthereof, and additional items, as well as alternate implementationsconsisting of the items listed thereafter exclusively. In oneimplementation, the systems and methods described herein consist of one,each combination of more than one, or all of the described elements,acts, or components.

Any references to implementations or elements or acts of the systems andmethods herein referred to in the singular may also embraceimplementations including a plurality of these elements, and anyreferences in plural to any implementation or element or act herein mayalso embrace implementations including only a single element. Referencesin the singular or plural form are not intended to limit the presentlydisclosed systems or methods, their components, acts, or elements tosingle or plural configurations. References to any act or element beingbased on any information, act or element may include implementationswhere the act or element is based at least in part on any information,act, or element.

Any implementation disclosed herein may be combined with any otherimplementation or embodiment, and references to “an implementation,”“some implementation,” “an alternate implementation,” “variousimplementations,” “one implementation” or the like are not necessarilymutually exclusive and are intended to indicate that a particularfeature, structure, or characteristic described in connection with theimplementation may be included in at least one implementation orembodiment. Such terms as used herein are not necessarily all referringto the same implementation. Any implementation may be combined with anyother implementation, inclusively or exclusively, in any mannerconsistent with the aspects and implementations disclosed herein.

References to “or” may be construed as inclusive so that any termsdescribed using “or” may indicate any of a single, more than one, andall of the described terms.

Where technical features in the drawings, detailed description or anyclaim are followed by reference signs, the reference signs have beenincluded to increase the intelligibility of the drawings, detaileddescription, and claims. Accordingly, neither the reference signs northeir absence have any limiting effect on the scope of any claimelements.

The systems and methods described herein may be embodied in otherspecific forms without departing from the characteristics thereof. Theforegoing implementations are illustrative rather than limiting of thedescribed systems and methods. Scope of the systems and methodsdescribed herein is thus indicated by the appended claims, rather thanthe foregoing description, and changes that come within the meaning andrange of equivalency of the claims are embraced therein.

What is claimed is:
 1. A system to bridge encrypted datasets, comprising: a first data processing system comprising one or more processors, the first data processing system configured to: determine a correlation between a first identifier vector of a first identifier and a second identifier vector of a second identifier, the first identifier vector and the second identifier vector encrypted with a first encryption technique and a second encryption technique, the first identifier associated with the first data processing system and the second identifier associated with a second data processing system; generate a key for a combination of the first identifier and the second identifier; identify, with the key, first data associated with the first identifier and second data associated with the second identifier; determine a correlation between the first data of the first identifier and the second data of the second identifier; and store, in a memory device, responsive to the correlation between the first data and the second data, a log comprising the first data of the first identifier and the second data of the second identifier.
 2. The system of claim 1, wherein the first identifier vector comprises a first parameter and a second parameter indicating the first data, and the second identifier vector comprises a third parameter and a fourth parameter indicating the second data, wherein the first data processing system is further configured to determine the correlation between the first identifier vector and the second identifier vector based on a correlation between the first parameter and the third parameter, and a correlation between the second parameter and the fourth parameter.
 3. The system of claim 2, wherein the first identifier vector comprises a first key generated by a hash function based on the first parameter and the second parameter, and the second identifier vector comprises a second key generated based on the third parameter and the fourth parameter, the first key and the second key different from the key.
 4. The system of claim 1, wherein the first data processing system is configured to transmit the key to the second data processing system to monitor a performance metric associated with the second data processing system.
 5. The system of claim 1, wherein the first data processing system is further configured to: set, based on the correlation between the first identifier vector and the second identifier vector, the first identifier as the key; or set, based on the correlation between the first identifier vector and the second identifier vector, the second identifier as the key.
 6. The system of claim 1, wherein the key refers to a first key, and the first data processing system is further configured to: delete, responsive to exceeding a predetermined time, the first identifier vector of the first identifier and the second identifier of the second identifier; identify a third identifier vector of the first identifier and a fourth identifier vector of the second identifier; determine a second correlation between the third identifier vector and the fourth identifier vector, the third identifier vector and the fourth identifier vector encrypted with the first encryption technique and the second encryption technique; and generate, based on the second correlation, a second key for both the first identifier and the second identifier.
 7. The system of claim 1, wherein the first data processing system is further configured to: determine the correlation between the first identifier vector of the first identifier and the second identifier vector of the second identifier based on a first correlation count; and determine the correlation between the first data of the first identifier and the second data of the second identifier based on a second correlation count.
 8. The system of claim 1, wherein the first identifier vector corresponds to online transactions processed by the first data processing system and the second identifier vector corresponds to offline transactions processed by the second data processing system.
 9. The system of claim 1, wherein the first data processing system is further configured to: receive, from the second data processing system, the first identifier vector encrypted with the first encryption technique and the second encryption technique; receive, from the second data processing system, the second identifier vector encrypted with the second encryption technique; and encrypt the second identifier vector with the first encryption technique to generate the key based on the first identifier vector and the second identifier vector encrypted with the first encryption technique and the second encryption technique.
 10. The system of claim 1, wherein the first data processing system is further configured to delete the first identifier vector of the first identifier and the second identifier vector of the second identifier in response to generating the key.
 11. A method, comprising: determining, by a first data processing system comprising one or more processors, a correlation between a first identifier vector of a first identifier and a second identifier vector of a second identifier, the first identifier vector and the second identifier vector encrypted with a first encryption technique and a second encryption technique, the first identifier associated with the first data processing system and the second identifier associated with a second data processing system; generating, by the first data processing system, a key for a combination of the first identifier and the second identifier; identifying, by the first data processing system, with the key, first data associated with the first identifier and second data associated with the second identifier; determining, by the first data processing system, a correlation between the first data of the first identifier and the second data of the second identifier; and storing, by the first data processing system in a memory device, responsive to the correlation between the first data and the second data, a log comprising the first data of the first identifier and the second data of the second identifier.
 12. The method of claim 11, wherein the first identifier vector comprises a first parameter and a second parameter indicating the first data, and the second identifier vector comprises a third parameter and a fourth parameter indicating the second data, further comprising determining, by the first data processing system, the correlation between the first identifier vector and the second identifier vector based on a correlation between the first parameter and the third parameter, and a correlation between the second parameter and the fourth parameter.
 13. The method of claim 12, wherein the first identifier vector comprises a first key generated by a hash function based on the first parameter and the second parameter, and the second identifier vector comprises a second key generated based on the third parameter and the fourth parameter, the first key and the second key different from the key.
 14. The method of claim 11, further comprising transmitting, by the first data processing system, the key to the second data processing system to monitor a performance metric associated with the second data processing system.
 15. The method of claim 11, further comprising: setting, by the first data processing system, based on the correlation between the first identifier vector and the second identifier vector, the first identifier as the key; or setting, by the first data processing system, based on the correlation between the first identifier vector and the second identifier vector, the second identifier as the key.
 16. The method of claim 11, wherein the key refers to a first key, further comprising: deleting, by the first data processing system, responsive to exceeding a predetermined time, the first identifier vector of the first identifier and the second identifier of the second identifier; identifying, by the first data processing system, a third identifier vector of the first identifier and a fourth identifier vector of the second identifier; determining, by the first data processing system, a second correlation between the third identifier vector and the fourth identifier vector, the third identifier vector and the fourth identifier vector encrypted with the first encryption technique and the second encryption technique; and generating, by the first data processing system, based on the second correlation, a second key for both the first identifier and the second identifier.
 17. The method of claim 11, further comprising: determining, by the first data processing system, the correlation between the first identifier vector of the first identifier and the second identifier vector of the second identifier based on a first correlation count; and determining, by the first data processing system, the correlation between the first data of the first identifier and the second data of the second identifier based on a second correlation count.
 18. The method of claim 11, wherein the first identifier vector corresponds to online transactions processed by the first data processing system and the second identifier vector corresponds to offline transactions processed by the second data processing system.
 19. The method of claim 11, further comprising: receiving, by the first data processing system, from the second data processing system, the first identifier vector encrypted with the first encryption technique and the second encryption technique; receiving, by the first data processing system, from the second data processing system, the second identifier vector encrypted with the second encryption technique; and encrypting, by the first data processing system, the second identifier vector with the first encryption technique to generate the key based on the first identifier vector and the second identifier vector encrypted with the first encryption technique and the second encryption technique.
 20. The method of claim 11, further comprising deleting, by the first data processing system, the first identifier vector of the first identifier and the second identifier vector of the second identifier in response to generating the key. 